60 million dollars worth of Ethereum was stolen using a unique technique

Emre Çitak
Nov 15, 2023
Crypto & Blockchain

Investment in crypto-assets is unregulated, may not be suitable for retail investors and the entire amount invested may be lost. It is important to read and understand the risks of this investment, which are explained in detail here.

The allure of decentralized finance (DeFi) has captivated the world, promising financial freedom, accessibility, and innovation. However, this rapidly evolving landscape is not without its perils. In a recent alarming incident, malicious actors exploited a feature within the Ethereum blockchain, known as Create2, to orchestrate a massive theft, draining over $60 million from unsuspecting victims.

The Create2 function was introduced in 2019 to enhance smart contract creation, allowing developers to predict the address of a contract before deploying it. This feature proved advantageous for decentralized applications (dApps) and user experience. However, it also presented an unexpected vulnerability, which cybercriminals have cleverly manipulated to their advantage.

Ethereum's Create2 function was used in address poisoning and millions of dollars were stolen

Poisoning addresses and exploiting security gaps

The perpetrators devised a two-pronged attack strategy to exploit the Create2 function and siphon funds from unsuspecting users. The first method involved generating Ethereum addresses that closely resembled legitimate ones owned by intended recipients. This technique, dubbed "address poisoning," entailed creating a vast pool of addresses and selecting those that matched the target's address, effectively tricking users into sending their assets to the wrong destination.

The second tactic involved abusing the Create2 function to bypass wallet security alerts. By carefully crafting transaction data, attackers could effectively disable these safeguards, allowing them to steal funds without raising any red flags for the victims' wallets. This method proved particularly effective in bypassing security measures designed to prevent unauthorized transactions.

Read alsoThe biggest crypto heist of 2023 struck the investors.

A trail of financial devastation

The exploitation of the Create2 function left a trail of financial devastation in its wake. Over 99,000 victims fell prey to the carefully orchestrated scheme, losing a staggering $60 million in total. The individual losses varied significantly, with some victims losing their entire cryptocurrency holdings.

99,000 victims fell prey to this

The incident highlighted the inherent risks associated with the nascent DeFi ecosystem, where technological advancements can be exploited for malicious purposes. It also underscored the importance of vigilance and user education, emphasizing the need for individuals to thoroughly investigate and understand the platforms they interact with before entrusting them with their valuable assets.

The theft of $60 million from 99,000 victims serves as a stark reminder of the vulnerabilities that exist within the DeFi space. While the Ethereum community has taken steps to address the Create2-related exploits, the incident underscores the ongoing challenge of securing decentralized networks and protecting users from sophisticated cyberattacks.


Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.